File _patchinfo of Package patchinfo
<patchinfo incident="5752"> <issue id="1000287" tracker="bnc">[patch] AppArmor change_hat failures</issue> <issue id="1001486" tracker="bnc">VUL-0: CVE-2016-7039, CVE-2016-8666: kernel-source: remote crash via stack overflow</issue> <issue id="1003077" tracker="bnc">VUL-0: CVE-2016-7117: kernel: use after free in the recvmmsg exit path</issue> <issue id="1003925" tracker="bnc">VUL-0: CVE-2015-8956 kernel: NULL dereference in RFCOMM bind callback</issue> <issue id="1003931" tracker="bnc">VUL-0: CVE-2015-8955 kernel: Possible privilege escalation via groups spanning multiple HW PMUs</issue> <issue id="1004045" tracker="bnc">VUL-0: CVE-2015-8950 kernel: Missing cleaning of allocated buffers</issue> <issue id="1004418" tracker="bnc">VUL-0: CVE-2016-5195: kernel: local privilege escalation using MAP_PRIVATE "Dirty COW"</issue> <issue id="1004462" tracker="bnc">VUL-0: CVE-2016-8658 kernel: Stack buffer overflow in brcmf_cfg80211_start_ap</issue> <issue id="881008" tracker="bnc">Xen hotplug scripts are not called to re-connect vif when doing a disable/enable in the vm</issue> <issue id="909994" tracker="bnc">deadlock in blktap2 after destroying Xen HVM domU causes deadlock in procfs</issue> <issue id="911687" tracker="bnc">soft lockup in tapdisk2 / blktap_device_restart / force_evtchn_callback</issue> <issue id="922634" tracker="bnc">USB 3.0 Safely Remove Drive attach the drive again</issue> <issue id="951155" tracker="bnc">SLES12 SP1 RC2 kernel-xen : Kernel OOPS kernel BUG at ../arch/x86/mm/fault-xen.c:408!</issue> <issue id="960689" tracker="bnc">VUL-0: CVE-2015-7513: kernel: pit counters controllable by userspace can cause division by 0</issue> <issue id="978094" tracker="bnc">virsh/xl domu shutdown hangs domain name changes to null</issue> <issue id="980371" tracker="bnc">VUL-0: CVE-2016-4805: kernel: Use after free vulnerability in ppp_unregister_channel</issue> <issue id="986570" tracker="bnc">VUL-0: CVE-2016-1237: kernel-source: nfsd: any user can set a file's ACL over NFS and grant access to it</issue> <issue id="989152" tracker="bnc">VUL-1: CVE-2016-5696: kernel-source: challenge ACK counter information disclosure</issue> <issue id="991247" tracker="bnc">Xen driver bug "xen_netfront: xennet: skb rides the rocket"</issue> <issue id="991608" tracker="bnc">VUL-0: CVE-2016-6480: kernel: double read leading to kernel information discosure</issue> <issue id="991665" tracker="bnc">VUL-0: kernel: hid: forged keyboard can panic kernel</issue> <issue id="993890" tracker="bnc">VUL-1: kernel: kaweth driver can be made to oops by malicious device</issue> <issue id="993891" tracker="bnc">VUL-1: kernel: cdc-acm can be made to oops by malicious device</issue> <issue id="994296" tracker="bnc">VUL-0: CVE-2016-6828: kernel-source: tcp_xmit_retransmit_queue use after free on 4.8-rc1 / master</issue> <issue id="994520" tracker="bnc">kernel warning on boot: do not call blocking ops when !TASK_RUNNING; state=1 (vmw_vmci module)</issue> <issue id="994748" tracker="bnc">VUL-0: CVE-2016-6327: kernel-source: infiniband: Kernel crash by sending ABORT_TASK command</issue> <issue id="994752" tracker="bnc">VUL-1: CVE-2014-7843: kernel-source: aarch64: copying from /dev/zero causes local DoS</issue> <issue id="994759" tracker="bnc">VUL-1: CVE-2016-0823: kernel-source: information leak via pagemap proc file</issue> <issue id="996664" tracker="bnc">kernel BUG at ../xen/netback/netback.c:569!</issue> <issue id="999600" tracker="bnc">btrfs BUG: unable to handle kernel NULL pointer dereference at (null)</issue> <issue id="999932" tracker="bnc">VUL-0: CVE-2016-7425: kernel-source: SCSI arcmsr driver: Buffer overflow in arcmsr_iop_message_xfer()</issue> <issue id="2015-8956" tracker="cve" /> <issue id="2016-5195" tracker="cve" /> <issue id="2016-8658" tracker="cve" /> <issue id="2016-7117" tracker="cve" /> <issue id="2016-0823" tracker="cve" /> <issue id="2016-7425" tracker="cve" /> <issue id="2016-6327" tracker="cve" /> <issue id="2016-6828" tracker="cve" /> <issue id="2016-5696" tracker="cve" /> <issue id="2016-6480" tracker="cve" /> <issue id="2015-7513" tracker="cve" /> <issue id="2016-1237" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>msmeissn</packager> <reboot_needed/> <description> The openSUSE 13.2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2015-8956: The rfcomm_sock_bind function in net/bluetooth/rfcomm/sock.c in the Linux kernel allowed local users to obtain sensitive information or cause a denial of service (NULL pointer dereference) via vectors involving a bind system call on a Bluetooth RFCOMM socket (bnc#1003925). - CVE-2016-5195: A local privilege escalation using MAP_PRIVATE was fixed, which is reportedly exploited in the wild (bsc#1004418). - CVE-2016-8658: Stack-based buffer overflow in the brcmf_cfg80211_start_ap function in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux kernel allowed local users to cause a denial of service (system crash) or possibly have unspecified other impact via a long SSID Information Element in a command to a Netlink socket (bnc#1004462). - CVE-2016-7117: Use-after-free vulnerability in the __sys_recvmmsg function in net/socket.c in the Linux kernel allowed remote attackers to execute arbitrary code via vectors involving a recvmmsg system call that is mishandled during error processing (bnc#1003077). - CVE-2016-0823: The pagemap_open function in fs/proc/task_mmu.c in the Linux kernel before 3.19.3, as used in Android 6.0.1 before 2016-03-01, allowed local users to obtain sensitive physical-address information by reading a pagemap file, aka Android internal bug 25739721 (bnc#994759). - CVE-2016-7425: The arcmsr_iop_message_xfer function in drivers/scsi/arcmsr/arcmsr_hba.c in the Linux kernel did not restrict a certain length field, which allowed local users to gain privileges or cause a denial of service (heap-based buffer overflow) via an ARCMSR_MESSAGE_WRITE_WQBUFFER control code (bnc#999932). - CVE-2016-6327: drivers/infiniband/ulp/srpt/ib_srpt.c in the Linux kernel allowed local users to cause a denial of service (NULL pointer dereference and system crash) by using an ABORT_TASK command to abort a device write operation (bnc#994748). - CVE-2016-6828: The tcp_check_send_head function in include/net/tcp.h in the Linux kernel did not properly maintain certain SACK state after a failed data copy, which allowed local users to cause a denial of service (tcp_xmit_retransmit_queue use-after-free and system crash) via a crafted SACK option (bnc#994296). - CVE-2016-5696: net/ipv4/tcp_input.c in the Linux kernel did not properly determine the rate of challenge ACK segments, which made it easier for man-in-the-middle attackers to hijack TCP sessions via a blind in-window attack (bnc#989152) - CVE-2016-6480: Race condition in the ioctl_send_fib function in drivers/scsi/aacraid/commctrl.c in the Linux kernel allowed local users to cause a denial of service (out-of-bounds access or system crash) by changing a certain size value, aka a "double fetch" vulnerability (bnc#991608). - CVE-2015-7513: arch/x86/kvm/x86.c in the Linux kernel did not reset the PIT counter values during state restoration, which allowed guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via a zero value, related to the kvm_vm_ioctl_set_pit and kvm_vm_ioctl_set_pit2 functions (bnc#960689). - CVE-2016-1237: nfsd in the Linux kernel allowed local users to bypass intended file-permission restrictions by setting a POSIX ACL, related to nfs2acl.c, nfs3acl.c, and nfs4acl.c (bnc#986570). The following non-security bugs were fixed: - AF_VSOCK: Shrink the area influenced by prepare_to_wait (bsc#994520). - xen: Fix refcnt regression in xen netback introduced by changes made for bug#881008 (bnc#978094) - MSI-X: fix an error path (luckily none so far). - usb: fix typo in wMaxPacketSize validation (bsc#991665). - usb: validate wMaxPacketValue entries in endpoint descriptors (bnc#991665). - Update patches.fixes/0002-nfsd-check-permissions-when-setting-ACLs.patch (bsc#986570 CVE#2016-1237). - Update patches.fixes/0001-posix_acl-Add-set_posix_acl.patch (bsc#986570 CVE#2016-1237). - apparmor: fix change_hat not finding hat after policy replacement (bsc#1000287). - arm64: Honor __GFP_ZERO in dma allocations (bsc#1004045). - arm64: __clear_user: handle exceptions on strb (bsc#994752). - arm64: dma-mapping: always clear allocated buffers (bsc#1004045). - arm64: perf: reject groups spanning multiple HW PMUs (bsc#1003931). - blkfront: fix an error path memory leak (luckily none so far). - blktap2: eliminate deadlock potential from shutdown path (bsc#909994). - blktap2: eliminate race from deferred work queue handling (bsc#911687). - btrfs: ensure that file descriptor used with subvol ioctls is a dir (bsc#999600). - cdc-acm: added sanity checking for probe() (bsc#993891). - kaweth: fix firmware download (bsc#993890). - kaweth: fix oops upon failed memory allocation (bsc#993890). - netback: fix flipping mode (bsc#996664). - netback: fix flipping mode (bsc#996664). - netfront: linearize SKBs requiring too many slots (bsc#991247). - nfsd: check permissions when setting ACLs (bsc#986570). - posix_acl: Add set_posix_acl (bsc#986570). - ppp: defer netns reference release for ppp channel (bsc#980371). - tunnels: Do not apply GRO to multiple layers of encapsulation (bsc#1001486). - usb: hub: Fix auto-remount of safely removed or ejected USB-3 devices (bsc#922634). - x86: suppress lazy MMU updates during vmalloc fault processing (bsc#951155). - xen-netback-generalize.patch: Fold back into base patch. - xen3-patch-2.6.31.patch: Fold back into base patch. - xen3-patch-3.12.patch: Fold bac into base patch. - xen3-patch-3.15.patch: Fold back into base patch. - xen3-patch-3.3.patch: Fold back into base patch. - xen3-patch-3.9.patch: Fold bac into base patch. - xen3-patch-3.9.patch: Fold back into base patch. - xenbus: do not bail early from xenbus_dev_request_and_reply() (luckily none so far). - xenbus: inspect the correct type in xenbus_dev_request_and_reply(). </description> <summary>Security update for the Linux Kernel</summary> </patchinfo>
